Pwn2Win 2021 – Backstage

On May 28 of 2021, at 13:37 (following the tradition), the Pwn2Win CTF 2021 began. This year, in addition to our high CTFTime rating (83.41), we received the responsibility of selecting a team for DEFCON CTF Finals, which attracted many world Top Teams and gave us a fierce and exciting dispute. It took us about 6 months to organize it.

This edition broke several records:

  • The largest number of registered teams: 1091 (+26%)
  • The largest number of scoring teams: 720 (+80%)
  • The first Brazilian CTF chosen as DEFCON CTF Qualifier
  • The largest sponsorship, both in value and number of partners

Organization Team

In addition to the ELT members, collaborators helped us with challenges and other activities before and during the CTF. We want to thank the folks:

  • Álisson “gnx” Bertochi: Coordinator. Miscellaneous challenges author
  • André Smaira: Marketing. Coordinator. Reversing and Miscellaneous challenges author
  • Caio Lüders: Web Hacking and Miscellaneous challenges author
  • Caue Obici: Exploitation and Web Hacking challenges author
  • Dan Borges: Story illustration. We strongly recommend his work, see here.
  • Éderson “edstz” Szlachta: Winners certificates maker
  • Fernando “feroso” Dantas: Exploitation challenges author
  • João “Chinchila” Sobral: Cryptography challenges author
  • José “esoj” Luiz: Exploitation challenges author
  • Lorhan Sohaky: Web frontend development. Support and hotfixes during the event.
  • Luan Herrera: Web Hacking challenges author
  • Lucas Teske: Reversing and Hardware challenges author
  • Matheus “abrasax” Vrech: Web Hacking challenges author
  • Matteus “n0one” Silva: Healthchecker maker and Deployer. Support and hotfixes during the event.
  • Mesailde Matias: Story author
  • Paulo “thotypous” Matias: Coordinator. Reversing, Hardware and Miscellaneous challenges author. Support and hotfixes during the event.
  • Pedro “pedroysb” Barbosa: Cryptography and Exploitation challenges author. Support and hotfixes during the event.
  • Saullo “n0ps13d” Carvalho: Exploitation and Reversing challenges author
  • Thales “c4v0k” Araújo: Cryptography challenges author
  • Vinicius “pdpano” Aurichio: Story translator

It was not so easy

After the CTF, we could have said it was easy to make the Pwn2Win happen, but it wasn’t. There were many challenges in the Pwn2Win organization besides the ones that the players had to solve!

People

This is always the most stressful challenge. Making Pwn2Win took months and much work from volunteers that made it happen just for the pleasure of doing it. We used some tools to manage it, like:

GitLab: challenges version control (Infos, Attachments and Deploy), checklists, and issues (challenges ideas). The following video shows the interactions of people with the repository

Google Calendar: deadline dates

Google Meet: important decisions and development monitoring meetings.

Google Sheets: challenges making status control.

Google App Script: automatic reminder emails.

Telegram: main organization communication channel.

Infrastructure

Like last year, we got Sponsored by Google and had $700 in GCP credits to use. Here are some of the technologies we used in this record-breaking edition:

CloudFlare: platform protection, some Web Challenges SSL and DNS server for challenges:

Docker: containers technology used in the challenges deploys.

DreamHost: main challenges files repository

Google Drive: mirror challenges files repository

GitHub: challenges description and information repository host

Google Cloud Platform: challenges VMs (one per challenge), Firebase (Realtime Database) and the LoadBalance feature for some challenges.

Grafana: challenges health checker. The Healthchecker was a python script running all the challenges solvers and providing a JSON with each challenge status, which was received and used by Grafana for charts generation.

Good Challenges

Innovation is at the core of every pwn2win. We have always prepared very unique challenges and this is a very important feature for us! Keeping the already known and expected quality, as well as honor our high CTFTime rating, are very difficult tasks. Our 0days and innovative challenges were only possible again due to months of the full dedication of our wonderful team members.

Ranking

Due to our high rating and the DEFCON CTF spot, the world’s top team played Pwn2Win 2021. The dispute was intense! There were many overtakings, which made this historic edition even more fantastic. There were 1094 registered teams (+26% increase over Pwn2Win 2020), and 720 scoring teams (+80% increase over our previous record).

Towards the end of the event, we had one more surprise when the DiceGang team submitted many flags sequentially, which were being hidden to surprise the other teams at the end, a practice known as “flag hoarding”. For sure everyone was surprised! This technique is controversial in relation to fair play, but not forbidden by any rules.

In end, the winners were DiceGang (USA), uuunderflow (KOR+JAP) e justCatTheFish (POL). They solved many difficult challenges and we congratulate them on this!

Ranking of Brazilian teams

The top 3 Brazilian teams are:

 (18º overallGanesh – Team of ICMC (Institute of Math and Computational Sciences) from USP (University of São Paulo).

 (36º overallFireShell

3º (44º overallShingeki No Covid – Team of UFSCar (University of São Carlos) students.

Congratulations!

Pwn2Win 2021 in numbers

  • Registered teams: 1094
  • Scoring teams: 720
  • Teams X Time:

Registered teams by country

  • Registered countries: 94
  • Top number of registered teams:
    • IND – 147
    • BRA – 124
    • USA – 122
    • CHN – 55
    • KOR – 49
  • Top number of scoring teams:
    • IND – 90
    • USA – 88
    • BRA – 58
    • JPN – 36
    • KOR – 35
  • Top maximum scores:
    • USA – 6819
    • KOR / JPN – 5808
    • POL – 4385
    • DNK – 4011
    • CHN – 3870
  • Top average scores:
    • HKG – 2705
    • KAZ – 1097
    • COG – 1093
    • DNK – 1015
    • POL – 704

Correct submissions

  • Total: 1114
  • Solves per hour

Solves rate

  • Maximum: 1 solve each 1.3043 seconds at CTF beggining
  • Average: 1 solve each 155.1167 seconds
  • Minimum: 1 solve each 2640 seconds, 6 hours before CTF ended

Challenges

  • Number of challenges: 27
  • Each challenge:
    1. [bonus] Rhiza – founded on the human being: 714 solves, by mesailde
    2. [crypto] A2S: 10 solves, by c4v0k
    3. [pwn] Accessing the Truth: 8 solves, by pedroysb
    4. [pwn] Baby write-only password manager: 20 solves, by esoj
    5. [misc] Botnet – The Final Bypass: 4 solves, gnx
    6. [pwn] C’mon See my Vulns: 54 solves, by caue
    7. [crypto] cladorhizidae: 12 solves, by c4v0k
    8. [misc] Dots Exposed: 33 solves, by caioluders
    9. [pwn] Enlighten Me Pt.1: 7 solves, by feroso
    10. [pwn] Enlighten Me Pt.2: 0 solves, by feroso
    11. [web] HackUs: 10 solves, by herrera
    12. [rev] Highest Power: 1 solve, by n0ps13d
    13. [web] Illusion: 78 solves, by caue
    14. [crypto] Kangurei: 3 solves, by chinchila
    15. [misc] Lost Exponent: 31 solves, by andre_smaira
    16. [web] MessageKeeper: 2 solves, by herrera
    17. [crypto] Oh, Anna Julia: 49 solves, by pedroysb
    18. [misc] Oldschool Adventures – Apple II: 11 solves, by gnx
    19. [pwn] pe_analysis: 3 solves, by n0ps13d
    20. [web, misc] Ruthless Monster: 13 solves, by caioluders
    21. [web] Small Talk: 16 solves, by vrech
    22. [crypto] t00 rare: 13 solves, by pedroysb
    23. [hardware, rev] The ethernet from above: 0 solves, by racerxdl and thotypous
    24. [hardware, rev] The REAL ethernet from above: 0 solves, by racerxdl and thotypous
    25. [rev] The Return of Too Slow: 16 solves, by andre_smaira and thotypous
    26. [pwn] True write-only password manager: 5 solves, by esoj
    27. [misc] WSPR decoy: 1 solve, by thotypous

After the end

After Pwn2Win 2021 ended, we announced that the challenge The ethernet from above would have an extra prize if solved within one week since it had no solution during event time. It happened and we congratulate Maple Bacon by it. This and all of the other PWn2Win CTF challenges Write-Ups can be found here.

Acknowledgments

In addition to all ELT members, who did more than the possible to make this Pwn2Win 2021 be the success it was, we thank all our friends that help us, mainly Lorhan, who worked hard in this excellent game platform.

Furthermore, we thank our sponsors:

  • Google for Infrastructure Sponsorship, essencial for the event
  • BugHunt
  • PRIDE Security
  • Resh Cyber Defense

Final words

One more Pwn2Win and one more year of records! We managed to do an extremely high level extremely original CTF again, with many challenges making history! Top teams’ registrations and very high future rating (99.41, the fourth-highest for 2022 until now) made us sure we made a fantastic Pwn2Win again! We will continue improving based on players’ feedbacks and bring an even more perfect event next year with Pwn2Win 2022! Wait for us!

Deixe um comentário

O seu endereço de e-mail não será publicado. Campos obrigatórios são marcados com *